Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
PHP Programming Upgrades

Changes In Store For PHP V6 368

Posted by kdawson
from the ready-or-not dept.
An anonymous reader sends in an IBM DeveloperWorks article detailing the changes coming in PHP V6 — from namespaces, to Web 2.0 built-ins, to a few features that are being removed.
This discussion has been archived. No new comments can be posted.

Changes In Store For PHP V6

Comments Filter:
  • by Anonymous Coward on Sunday May 11, 2008 @05:39PM (#23372296)
    People USE Unicode?! Back when I was a youngin' we used ASCII and LIKED IT!
  • by New Here (701369) on Sunday May 11, 2008 @06:06PM (#23372474)
    I'm New Here
  • by Anonymous Coward on Sunday May 11, 2008 @06:49PM (#23372728)

    I find PHP incredibly expressive

    You will benefit greatly from learning another language. Pretty much every modern language is more expressive than PHP. Even VBScript*.

    * Little known fact: a lost appendix to the Bible mentions that VBScript is actually the fifth horseman of the apocalypse.

  • by chromatic (9471) on Sunday May 11, 2008 @07:33PM (#23372958) Homepage

    PHP doesn't have any weird syntax... It's just a really clean, lightweight OO language.... as a language, it ... isn't a kitchen sink like Perl.

    Did you have to shower after writing this? Did you at least burn the keyboard?

  • So does this mean that if you are using magic quotes and you upgrade to PHP6, suddenly you will become vulnerable to SQL injection attack?

    Of course not! Since no one has been stupid enough to directly insert submitted strings into SQL before sending it to the server for at least 5 years now, this won't affect any modern code in the slightest.

  • by chromatic (9471) on Sunday May 11, 2008 @10:29PM (#23374128) Homepage

    It's the only way to be sure.

  • by NetCow (117556) on Monday May 12, 2008 @12:14AM (#23374722)

    Well, at least the sample code has clearly been written by a PHP expert. For example, a newbie would write something like

    function is_authorized() {
    return isset($_SESSION['user']);
    }

    and get paid for just three measly lines of code.

    Thank $deity Nathan A. Good (mail@nathanagood.com), Senior Information Engineer, Consultant stepped in and corrected this to

    function is_authorized() {
    if (isset($_SESSION['user'])) {
    return true;
    } else {
    return false;
    }
    }

    Go, consultant-written code, go!

  • by Hognoxious (631665) on Monday May 12, 2008 @09:07AM (#23377550) Homepage Journal

    I really despise this kind of post, where each sentence is torn apart and commented on separately;
    That would be a lot easier if you actually wrote proper sentences.

    usually with a sarcastic and snotty tone to it.
    See what I mean?

    In my opinion,
    Which we all totally care about.

    it's just high brow trolling
    I find it quite amusing.

    and makes the poster look like a right dick.
    I know you are but what am I?
  • by 615 (812754) on Monday May 12, 2008 @10:46AM (#23378952)

    Actually, undoing magic_quotes is quite a bit more involved. Some things to consider:

    • - magic_quotes affects more than just GET, POST and cookie data
    • - GPC data may contain arrays
    • - magic_quotes doesn't process the keys of top-level arrays

    Here's an excerpt from my personal library that addresses these issues and more. It works in PHP 4+ (I forget which minor version). Just give me some credit if you use it!

    // magic_quotes_runtime is _like_ magic_quotes_gpc/sybase, except that it
    // applies to return data (from functions)
    ini_set('magic_quotes_runtime', '0');

    // magic_quotes_gpc/sybase cannot be preempted like magic_quotes_runtime; if
    // either is enabled, the damage is already done
    if (ini_get('magic_quotes_gpc') === '1' || ini_get('magic_quotes_sybase') === '1') {
    /**
    * @author Adam Siler <amsiler@icglp.com>
    * @param mixed $value
    * @param bool $top
    * @return mixed
    */
    function undo_magic_quotes($value, $top = true) {
    // unescape strings
    if (is_string($value)) {
    // stripslashes is magic_quotes_sybase-aware
    return stripslashes($value);
    }
    // recurse into arrays
    elseif (is_array($value)) {
    // as described here: <http://us.php.net/manual/en/security.magicquotes.disabling.php#71817>,
    // magic_quotes_gpc (sybase?) does not escape the keys of top-level
    // arrays

    $unescaped_array = array();

    foreach ($value as $key => $array_value) {
    if (!$top) {
    $key = stripslashes($key);
    }

    $unescaped_array[$key] = undo_magic_quotes($array_value, false);
    }

    return $unescaped_array;
    }
    // return other values unaltered
    else {
    return $value;
    }
    }

    $_GET = undo_magic_quotes($_GET);
    $_POST = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
    $_REQUEST = undo_magic_quotes($_REQUEST);
    $_ENV = undo_magic_quotes($_ENV);
    // etc.

    // other scripts may check the value of magic_quotes_gpc or
    // magic_quotes_sybase and conclude, incorrectly, that GPC data is escaped.
    // this should fix that
    ini_set('magic_quotes_gpc', '0');
    ini_set('magic_quotes_sybase', '0');
    }

Dennis Ritchie is twice as bright as Steve Jobs, and only half wrong. -- Jim Gettys

Working...